Emeterai Privacy Policy
Emeterai issues Electronic Certificates, which are obtained and
used by individuals to authenticate their identity to others, sign documents
using electronic signature, and/or to encrypt sensitive data so they can be
transmitted over the Internet.
Subscribers declare
that they have read, understood and agreed to the Provisions of Emeterai Privacy Policy.
The provisions in this
Subscribers Privacy Policy can be amended or updated in whole or in part from
time to time without prior notification to the Subscribers, and the amendment
comes into effect since its publication on the Site. Subscribers to Emeterai Services are advised to check the Site
periodically to be aware of any changes in the provisions from time to time.
By resuming access to Emeterai Accounts or continuing the usage of Emeterai Services, Subscribers agree with the amendments to
the Provisions in this Privacy Policy. In the event that Subscribers do not
agree with the amendments, Subscribers should immediately notify Emeterai to terminate their Emeterai
Accounts.
This Emeterai Privacy Policy is an inseparable part of and is
related to the Emeterai electronic certificate
Ownership / Subscriber Agreement document; thus, Subscribers to Emeterai Accounts accept, agree, and acknowledge that the
Subscribers have read and understood all of the contents of the document. If
there is a difference in writing the terms, then Emeterai
Privacy Policy and electronic certificate ownership / Subscriber Agreement
documents have the same meaning.
A. Definition
All capitalized words
herein have the following meanings:
1. “Emeterai
Account” is an alphanumeric code issued by Emeterai,
and the code can be associated to a unique username which can identify the
subscriber in using Emeterai Services.
2. “Electronic
Document” is any electronic information which includes but is not
limited to electronic contracts which are made, forwarded, sent, received, or
stored in electronic form.
3. “Electronic
Information” is a single or a group of electronic data which include
but are not limited to written data, audio data, pictures, maps, designs,
photographs, electronic data interchange (EDI), e-mails, telegrams, telex,
telecopies and the like, letters, signs, numbers, access codes, symbols, or
perforations which has been processed to obtain meanings or to be understood by
the people who can comprehend them.
4. “Emeterai
Services” are the services to issue Electronic Certificates and create
Emeterai Electronic Signatures and/or other Emeterai services as stated by Emeterai
from time to time through Emeterai Site or
Application.
5. “Subscribers ” means private individuals,
associations, firms, companies, legal entities, institutions or organizations
that use Emeterai Services.
6. “Emeterai
Application” refers to Emeterai Services in
the form of mobile apps.
7. “Electronic
Certificate” is a certificate issued by Emeterai
electronically and containing the Electronic Signatures and identities which
identify the legal subjects or all parties involved in an electronic
transaction.
8. “Site”
refers to https://emeterai.com.
9. “Service
Policy and Practice Documents” refer to Certificate Policy,
Certificate Practice Statement, Emeterai Privacy
Policy, and other policy documents which inform the policies and practices of Emeterai Services, as regulated in Root CA Indonesia and
the applicable laws and regulations.
10. “Subscriber
Agreement” means the terms and conditions which bind the Owners of Emeterai Accounts, as the Subscribers to Emeterai Services.
11. “Relying
Parties” are associations, firms, companies, legal entities,
institutions or organizations that rely on Emeterai
Services.
12. “Electronic
Signatures” are signatures which consist of Electronic Information
which has been affixed, associated, or related to other Electronic Information
which is used as a verification and authentication which is created by using Emeterai Services.
B. Compliance
Emeterai adheres to and complies with the applicable laws and
regulations in providing its services as an Electronic Certificate Authority
which is responsible for the use of personal data, their management, and their
storing processes as regulated in:
a. Law No. 11 of 2008
on Electronic Information and Transactions;
b. Government
Regulation No. 71 of 2019 on the Organization of Electronic Systems and
Transactions;
c. Regulation of
Minister of Communication and Informatics No. 11 of 2018 on the Organization of
Electronic Certificates;
d. Regulation of
Minister of Communication and Informatics No. 20 of 2016 on the Personal Data
Protection on Electronic System
e. CP / CPS Root CA
Indonesia.
C. Personal Data
1. Collection of Personal Data
Emeterai collects and processes the Subscribers personal data when
the Subscribers submit applications for Emeterai
Electronic Certificates, and Emeterai obtains the
personal data directly from the Subscribers, Emeterai
will verify the personal data and compare them with the data sent by the
Subscribers to the data Registration Authority that has partnered with us. In
the Event of the Electronic Certificate application process stops, Emeterai will not store the Subscribers' personal data.
2. The Obtained Personal Data
The data required when
the Subscribers apply for the issuance of Emeterai
Electronic Certificates are:
a. National Identity
Number in E-KTP for Indonesian citizens
b. Passport or KITAS /
KITAP Numbers for foreign citizens
c. Full Name
d. Place and date of
birth
e. Gender
f. Email Address
g. Mobile phone number
h. Self-portrait
photograph
3. Personal Data Storage
Emeterai stores Subscribers personal data and protects them from
loss, misuse or improper disclosure, in accordance with Information Security
Management System practices. This storage is maintained for as long as the
Subscribers Certificates are still valid, and complies with the data retention
period specified in Emeterai CP and CPS documents.
Actions taken by Emeterai include:
a. Emeterai
takes security and storage measures with great care in order to protect the
confidentiality of the Subscribers' personal data from time to time;
b. Emeterai
guarantees that any data uploaded and sent by the Subscribers to the Emeterai Services are stored securely and sent
confidentially using information security standards;
c. Emeterai
guarantees to protect the Subscribers' Private Key storage area safely with a
high level of escrowed security, namely Subscribers' Private Keys can only be
accessed by the Subscribers, using two-factor authentication;
d. Emeterai
will notify the Subscribers in the event that there is a failure to protect the
confidentiality of the Subscribers' personal data in the Emeterai
electronic system under the provisions of the applicable laws and regulations;
and
e. Emeterai
guarantees that only the Subscribers and other parties who are given permission
by the Subscribers to access the electronic documents can view the documents
that the Subscribers upload through their Emeterai
Accounts to Emeterai Services.
4. Personal Data Protection Mechanisms
a. All access to
personal data is verified to maintain the confidentiality of the personal data.
b. Emeterai
has no right to modify Subscribers' personal data unless there is a request
from the legitimate owners of the data.
c. Personal Data
Information is stored and processed at processing facilities located in the
Indonesian territory of Indonesia and secured under the provisions of
applicable laws and regulations.
d. Emeterai
protects personal data storage activities to prevent a personal data leak in DC
and DRC.
e. Emeterai
retains personal data during the retention period
f. Emeterai
processes and records activities related to the storage, transfer and deletion
of personal data that occurs.
5. Pengungkapan Data Pribadi / Disclosure of Personal Data
Emeterai can use or disclose the Subscribers personal data to
parties authorized by laws and regulations in order to comply with the
provisions of laws and regulations for law enforcement processes or for taking
further preventive action in connection with unauthorized activities, suspected
criminal acts, or violations of the laws or regulations. Pertaining to the use
or disclosure, the Subscribers release Emeterai from
all claims, charges, and compensation that may result from the use or
disclosure.
In Order to provide Emeterai services, Emeterai shall
be able to disclose and share the Subscribers Personal Data to a third party
provided that the Subscribers have given their consent to such disclosure and
sharing. Consent refers to Article B - Compliance and Point 7 - The consent to
use personal data in this Privacy Policy. Emeterai
will only disclose and share the Subscribers Personal Data only when it is
necessary to provide our services to the Subscribers.
Some Personal Data that
Emeterai maintain may be shared on occasion with
service providers, such as payment service providers, regulators, external
experts (auditors, attorneys, other consultants that Emeterai
hire to assist in performing functions necessary to operate our business). If Emeterai make a disclosure of this type, the Personal Data
recipient must agree to:
a. View the Personal
Data only on Emeterai premises and not remove it,
except as necessary to provide the services to Emeterai;
b. Use it only for the
purposes and interests that have been previously established; and
c. Return it to Emeterai employees or destroy it as soon as the need for
the Personal Data expires.
6. Deletion of Personal Data
The deletion of the
Subscribers personal data is conducted by termination of the Emeterai account access and terminating the Emeterai Services. Personal Data stored by Emeterai have a retention period of 5 (five) years under
the provisions stipulated in Emeterai CP / CPS.
7. The Consent to Use Personal Data
a. The Subscribers
hereby declares that they have given explicit permission to Emeterai
prior to the Electronic Certificate issuance process.
b. The usage of Emeterai Account and Emeterai
Services, the Subscribers agree to comply with all applicable laws and
regulations in Indonesia.
8. Contact and Notification
Every notification from
Emeterai addressed to the Subscribers will be
notified through Emeterai apps, the Subscriber's
account dashboard, e-mail, or Short Message Service (SMS) sent to the
Subscribers registered with the Emeterai Account.
Every notification from
the Subscribers to Emeterai becomes effective when
the notification is received by Emeterai via e-mail: cs@emeterai.com and/or the physical documents can be sent to PT Datanet Indomedia, Jl. Kramat Raya no. 140, Central Jakarta, 10430.
D. Others
This policy is made in
2 languages, namely Indonesian and English. If there is a difference in
interpretation between the Indonesian text and the English text, the Indonesian
text will prevail.